Special Report Focuses on Cyber Insurance.
The accelerating speed of technological advances is foundationally changing business processes, supply chains and delivery mechanisms across a plethora of industries: health care, university systems, entertainment, transportation and financial services. Both the accumulation of data and the technology using the data have become significantly more sophisticated, but the controls for data infrastructure and security haven't caught up. There is no amount of money a company can spend to keep itself 100% secure, so insurance is a natural complement to loss mitigation efforts, to provide a financial backstop in the event of a loss. The insurance industry has traditionally been slow to respond to technological innovation, but finds itself in a unique position managing this emerging risk as it relates to its own business as well as those of its policyholder customers.
Cyberrisk differs from many other insurance risks owing to a lack of actuarial data, rapid evolution, broad operational scope involving people, process and technology, and the potential for an active adversary. The idiosyncratic nature of this risk is difficult to estimate and clearly expanding, with recent significant losses for a host of the largest companies in the world, including Target, Home Depot, J.P. Morgan Chase, Equifax, Anthem, Yahoo and Sony.
Idiosyncratic risk can be managed through diversification, risk limits and prudent underwriting, but cyberrisk presents a systemic aggregation challenge as well. Malware such as NotPetya or interruptions to key service providers such as the DDoS attack on Dyn DNS could affect multiple insureds, causing an aggregate loss to insurers. Insurers are conservative with regard to insuring cyberrisk, and their approach to cyber underwriting has therefore been a measured one: They have allocated a very small percentage of their overall insurance portfolio to cyber, with typical allocations of premiums of less than 1%. In addition, the limits offered on cyber insurance have been rather low compared to well-understood risks such as property catastrophe risk to prevent significant individual company losses. As the cyber insurance market grows, carriers will likely retain larger amounts of the risk through underwriting operations. Additionally, the implications of cyberrisk for insurers extend beyond the affirmative cyber insurance market. Cyber events can also cause silent cyber losses, where policies written to protect against other types of losses such as property, directors and officers, and errors and omissions find coverage from an event caused by a cyberperil. In addition to the exposure insurers face from their underwriting operations, insurers are also exposed to direct exposure from their business operations, which are heavily dependent on IT systems for high availability and high security transactions that are required for good customer service and building trust and reputation in a crowded market.
Given the incredible growth and dynamic state of the affirmative cyber market, A.M. Best, in conjunction with Guidewire's Cyence Risk Analytics team, conducted a stress test on the top 20 cyber insurance providers as of 2016 (Exhibit l), to examine the potential implications of a cyber catastrophe incident. These insurers include some of the largest carriers globally and may have the largest cyber exposures, given their significant market share in the growing coverage area.
We chose to project the cyber insurance market to 2022, to allow for a steady state portfolio to emerge. Given that the cyber insurance market is in seemingly constant flux, a longer-term forecast would be subject to considerable uncertainty.
For this exercise, we averaged historical industry growth rates and forward projections by a number of industry sources and settled on an annual growth rate of 28%.This may be conservative, as cyberrisk costs the U.S. economy over 1% of gross domestic product, or nearly $800 billion annually, and the cybersecurity marketplace is well over $100 billion. Among the drivers that are specifically relevant to the continued growth of the cyber insurance market are the following four:
Small to medium-size businesses: Estimates of cyber insurance take-up rates for SMBs range from 5% to 25%. The NAIC's 2017 data identifies roughly 2.5 million cyber policies in place in the U.S.--only around 8% of the 29.6 million businesses estimated, according to 2014 data from the U.S. Census Bureau. According to Advisen, between 2011 and 2015, the take-up rates for the SMB segment grew more rapidly than for any other revenue segment, and there is still significant room for growth. Several market leaders such as AIG, Liberty Mutual and Hartford have indicated their intention to focus on the SMB market.
Expanding industry segments: In an increasingly interconnected and digitally reliant world, cyberrisks are present in multiple forms for all industries. Today's cyber policy structures have responded to this need through versatile structures that are able to cover a range of exposures, including first-party data breach costs, liabilities, cyber extortion and business interruption. Additionally, brokers can often customize coverage to address gaps in traditional cyber policies and conventional lines like crime or property, which helps drive adoption in industries like manufacturing and utilities.
International: U.S.-domiciled organizations constitute an estimated 90% of all cyber insurance gross premiums written (GPW) today. This differs significantly from other P/C coverage lines, for which the U.S. accounts for only 40% of GPW The U.S. cyber insurance market took off as data breach notice and other privacy laws were implemented which highlights the tangible costs associated with data breaches. Such regulations are now proliferating globally; they have either already been established or will be in the near term in Canada, the European Union, the U.K., and Australia, among many others.
Increasing limits, exposure, and pricing: According to Marsh, which has published limit trends for all of its customers from 2012 to 2015, the average growth in limits during this period was 15.8% annually. Extrapolating to Dec. 31, 2022, we expect a company's average limits purchase will double The Marsh Global Market Insurance Index has tracked rate changes for cyber insurance policies since 2012 and shows an average annual rate change of 5.2%, which contrasts markedly with the U.S. casualty insurance's average renewal rate of -0.6% over the same period.
Exhibit 1 US P/C Industry--Cybersecurity Direct Premiums Written Top 20 2017 2016 2017 2016 Rank Rank Company Name DPW DPW 2 1 American International Group 227.6 228.3 3 2 XL Catlin America Group 177.9 160.8 1 3 Chubb INA Group 284.4 133.6 4 4 Travelers Group 119.1 92.2 5 5 Beazley Insurance Company, Inc. 95.0 83.9 6 6 CNA Insurance Companies 73.1 68.5 9 7 Liberty Mutual Insurance Companies 60.0 56.4 7 8 BCS Insurance Company 69.9 55.4 8 9 AXIS Insurance Group 63.8 50.3 21 10 Allied World Assurance Group 19.7 32.5 11 11 Tokio Marine US PC Group 40.0 30.6 10 12 Zurich Financial Services NA Group 43.0 26.2 16 13 Berkshire Hathaway Insurance Group 28.8 26.1 14 14 Sompo Holdings US Group 31.7 25.2 13 15 Hartford Insurance Group 34.9 25.0 22 16 Markel Corporation Group 14.5 24.4 20 17 Alleghany Insurance Holdings Group 15.8 15.5 19 18 Starr International Group 17.2 12.9 25 19 Great American P & C Insurance Group 13.5 12.3 23 20 Hiscox USA Group 14.5 11.1 Total P/C Industry 1,810.7 1,341.5 2017 % of 2016 Cyber DPW Rank Standalone Packaged 2 100.0 0.0 3 100.0 0.0 1 26.4 73.6 4 71.7 28.3 5 90.3 9.7 6 34.7 65.3 9 57.7 42.3 7 58.1 41.9 8 73.5 26.5 21 99.6 0.4 11 99.0 1.0 10 98.8 1.2 16 42.9 57.1 14 8.8 91.2 13 19.3 80.7 22 100.0 0.0 20 75.9 24.1 19 78.7 21.3 25 68.8 31.2 23 85.1 14.9 67.9 32.1 (*) Ranked by 2016 total standalone and packaged cybersecurity direct premiums written. DPW in $ millions Source: A.M. Best data and research
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||What A.M. Best Says|
|Date:||Oct 1, 2018|
|Previous Article:||Driving Value: A new study reveals the characteristics and strategies of high-performing auto insurers.|
|Next Article:||Best's Credit Rating Actions.|